Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QuRp8XyLWzh_qd5-bB7chLczzy8.roa
File:                     QuRp8XyLWzh_qd5-bB7chLczzy8.roa (raw, json)
Hash identifier:          Fg6NPtloRu4N27tS9T1ACEpcYAYt/+5LfHDZfCHoKhM=
Subject key identifier:   42:E4:69:F1:7C:8B:5B:38:7F:A9:DE:7E:6C:1E:DC:84:B7:33:CF:2F
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018FDE15489FD4401B155D4277380FD9A147
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QuRp8XyLWzh_qd5-bB7chLczzy8.roa
Signing time:             Mon 03 Jun 2024 12:31:27 +0000
ROA not before:           Mon 03 Jun 2024 12:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48458
IP address blocks:        217.79.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:de:15:48:9f:d4:40:1b:15:5d:42:77:38:0f:d9:a1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jun  3 12:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42e469f17c8b5b387fa9de7e6c1edc84b733cf2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:72:46:0e:cd:96:83:b6:66:c6:5f:fc:5b:1f:
                    25:b3:cf:60:43:d2:20:93:a9:9d:ab:2e:0e:5d:7a:
                    bd:e6:fb:b3:48:7f:fa:d5:2e:1e:70:5c:67:e4:ec:
                    f1:af:01:72:c0:dd:7e:78:a6:fd:8b:35:68:20:b6:
                    2c:8b:11:2e:d4:d2:a9:40:70:0e:d6:d5:79:56:ac:
                    6b:ac:f8:b9:e1:9d:8e:b6:f5:9a:70:36:60:f1:82:
                    ef:c7:3c:86:dd:72:6c:3d:51:42:d3:d4:86:ce:a5:
                    60:c3:c0:93:0d:c0:57:20:b5:cc:cf:fc:a9:eb:58:
                    95:20:2f:fa:56:57:76:43:28:53:1d:e0:6b:54:5f:
                    e1:e2:9e:f9:b8:e8:56:82:98:36:9a:7c:c3:8e:a3:
                    6d:5e:47:cb:dc:39:2b:3b:a0:ac:8e:55:5e:eb:9f:
                    b8:0a:69:a2:56:61:ef:cb:79:d2:c9:b5:46:fb:32:
                    2c:9b:31:31:3c:64:f2:01:6d:15:87:82:b8:1c:48:
                    be:6b:bf:7f:0f:dc:5d:c7:28:ee:07:34:48:8f:9c:
                    45:d3:3a:ec:52:24:4f:ab:28:14:20:3e:ac:e5:17:
                    e0:a1:d5:ce:73:cd:32:a3:53:5a:fd:1a:8a:f9:e7:
                    fa:3c:12:83:66:8c:60:a5:f2:26:aa:e7:75:04:aa:
                    ea:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E4:69:F1:7C:8B:5B:38:7F:A9:DE:7E:6C:1E:DC:84:B7:33:CF:2F
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QuRp8XyLWzh_qd5-bB7chLczzy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.79.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:7b:58:50:50:b0:67:fc:5a:89:4a:49:98:3d:cf:bb:cb:53:
         c4:a4:bf:3e:bf:cf:95:79:8e:13:22:a9:7d:00:69:66:94:62:
         2b:44:c1:66:e2:66:86:28:5b:f1:da:a0:f8:60:92:19:5c:36:
         56:12:47:c4:5d:3a:7d:8a:84:6a:53:8f:04:be:7f:44:01:68:
         33:19:4a:81:1d:65:51:34:b9:54:fa:f7:9b:03:1f:a7:7f:5f:
         c7:0a:f3:b6:03:46:26:07:9e:4d:1c:75:7d:ce:38:f2:56:7f:
         83:b8:14:c5:02:56:f2:c9:e2:82:97:0c:63:46:48:f9:8a:a2:
         aa:2c:95:fc:c3:d0:5c:3e:2e:06:ac:cc:e0:65:49:dc:25:1f:
         b4:75:60:59:e0:89:1c:74:31:66:f7:c9:4e:01:96:77:df:bc:
         10:3e:0a:3f:0e:83:91:f3:18:b7:bf:d8:50:86:b1:7e:c9:b0:
         b2:b6:29:8a:ea:ed:76:0b:03:47:38:ec:70:0c:78:27:72:3e:
         74:eb:a0:7d:f4:6f:93:84:8e:42:d7:5f:b4:5a:fe:1a:07:37:
         3f:3e:4d:6f:d7:00:4a:64:dc:ef:81:d9:6c:da:29:18:1c:50:
         05:9a:27:0c:cf:0b:0f:e5:5d:1e:8f:84:2c:cc:ca:f8:d7:75:
         98:fc:e6:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/eFUif1EAbFV1CdzgP2aFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwNjAzMTIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmU0NjlmMTdjOGI1YjM4N2ZhOWRlN2U2YzFlZGM4NGI3MzNjZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXJGDs2Wg7Zmxl/8Wx8ls89gQ9Ig
k6mdqy4OXXq95vuzSH/61S4ecFxn5OzxrwFywN1+eKb9izVoILYsixEu1NKpQHAO
1tV5VqxrrPi54Z2OtvWacDZg8YLvxzyG3XJsPVFC09SGzqVgw8CTDcBXILXMz/yp
61iVIC/6Vld2QyhTHeBrVF/h4p75uOhWgpg2mnzDjqNtXkfL3DkrO6CsjlVe65+4
CmmiVmHvy3nSybVG+zIsmzExPGTyAW0Vh4K4HEi+a79/D9xdxyjuBzRIj5xF0zrs
UiRPqygUID6s5RfgodXOc80yo1Na/RqK+ef6PBKDZoxgpfImqud1BKrquwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELkafF8i1s4f6nefmwe3IS3M88vMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvUXVScDhYeUxXemhfcWQ1LWJCN2NoTGN6enk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2U8nMA0G
CSqGSIb3DQEBCwUAA4IBAQBge1hQULBn/FqJSkmYPc+7y1PEpL8+v8+VeY4TIql9
AGlmlGIrRMFm4maGKFvx2qD4YJIZXDZWEkfEXTp9ioRqU48Evn9EAWgzGUqBHWVR
NLlU+vebAx+nf1/HCvO2A0YmB55NHHV9zjjyVn+DuBTFAlbyyeKClwxjRkj5iqKq
LJX8w9BcPi4GrMzgZUncJR+0dWBZ4IkcdDFm98lOAZZ337wQPgo/DoOR8xi3v9hQ
hrF+ybCytimK6u12CwNHOOxwDHgncj5066B99G+ThI5C11+0Wv4aBzc/Pk1v1wBK
ZNzvgdls2ikYHFAFmicMzwsP5V0ej4QszMr413WY/OYi
-----END CERTIFICATE-----